DDoS attacks are divided into three categories

A DoS (Denial of Service) attack involves one computer and one internet connection, and is used to flood a targeted resource with IP packets. A DDoS attack uses many computers and many internet connections, often globally distributed, referred to as a botnet.

Volume Based Attacks – This type of attack includes ICMP floods, UDP floods, and other spoofed-packet floods. The attacker's goal is to saturate the bandwidth of the attacked site or resource, and the magnitude is measured in bits per second.

Application Layer Attacks – This type includes Zero-Day DDoS attacks, Slowloris, DDoS attacks that target the Apache web server, Windows vulnerabilities or OpenBSD vulnerabilities, and more. Constructed as seemingly legitimate and innocent requests, these attacks aim to crash the web server, and the magnitude is measured in requests per second.

Specific Types of DDoS Attacks

UDP Flood – This type of DDoS attack leverages UDP (User Datagram Protocol), a sessionless network protocol. The attack floods random ports with numerous UDP packets, which causes the host to check repeatedly for an application listening on that port and, when none is found, reply with an ICMP Destination Unreachable packet. This can lead to inaccessibility.

SYN flood – This DDoS attack exploits a weakness in the TCP connection sequence (the three-way handshake), where a SYN request to initiate a TCP connection with a host must be answered by a SYN-ACK (acknowledge) response from that host, and then confirmed by an ACK response from the requester. In the SYN flood scenario, the requester sends multiple SYN requests, but either does not respond to the host's SYN-ACK response or sends the SYN requests from a spoofed IP address. The host continues to wait for an acknowledgement for each of the requests, which results in denial of service.

Slowloris – Dangerous to hosts that are running Apache, Tomcat, dhttpd and GoAhead WebServer. This is a highly targeted attack, which enables one web server to take down another server without affecting other services or ports on the targeted network. Slowloris holds as many connections to the target web server open for as long as it can. It creates connections to the target server but sends only a partial request. It constantly sends more HTTP headers, never completing a request. The target web server keeps each of these false connections open. This exhausts the maximum concurrent connection pool and leads to denial of connections from legitimate clients.

Ping-of-Death – This type of attack sends multiple malformed or malicious pings to a computer. The maximum length of an IP packet is 65,535 bytes. However, the data link layer usually sets a limit on the maximum frame size, for example 1500 bytes over an Ethernet network. In this situation, a large IP packet is split across multiple IP packets, so-called fragments, and the receiving host reassembles the IP fragments into the complete packet.
In this attack scenario, through malicious manipulation of the fragment contents, the recipient ends up with an IP packet larger than 65,535 bytes when reassembled. This can overflow the memory buffers allocated for the packet, which causes denial of service for legitimate IP packets.
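
The bounds check a reassembly routine needs before it accepts a fragment, as an added example (not code from the original page or from any particular IP stack). The `frag_info` struct and `fragment_fits` function are hypothetical names, and the sample fragments are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define IP_MAX_PACKET  65535u  /* maximum IP packet length */
#define IP_OFFSET_MASK 0x1FFFu /* low 13 bits: fragment offset in 8-byte units */

/* Hypothetical view of the IPv4 header fields the check needs,
 * already converted to host byte order. */
struct frag_info {
    uint8_t  ihl;        /* header length in 32-bit words (5..15) */
    uint16_t total_len;  /* header + data of this fragment, in bytes */
    uint16_t frag_field; /* 3 flag bits + 13-bit fragment offset */
};

/* Returns 1 if the fragment can be placed in a 65,535-byte reassembly
 * buffer, 0 if it is malformed or its data would end past the limit. */
int fragment_fits(const struct frag_info *f)
{
    uint32_t hdr_len, data_len, offset;

    if (f == NULL || f->ihl < 5)
        return 0;
    hdr_len = (uint32_t)f->ihl * 4u;
    if (f->total_len < hdr_len)
        return 0;                    /* length field shorter than the header */
    data_len = f->total_len - hdr_len;
    /* Widen to 32 bits before scaling so the sum cannot wrap. */
    offset = (uint32_t)(f->frag_field & IP_OFFSET_MASK) * 8u;
    /* Assumption: the reassembled header is as long as this fragment's. */
    return hdr_len + offset + data_len <= IP_MAX_PACKET;
}

int main(void)
{
    /* Constructed samples: an ordinary Ethernet-sized middle fragment and a
     * final fragment whose offset plus data runs past 65,535 bytes. */
    struct frag_info normal    = { 5, 1500, 0x2000u | 185u };
    struct frag_info oversized = { 5, 1500, 8189u };

    printf("normal:    %s\n", fragment_fits(&normal) ? "accept" : "drop");
    printf("oversized: %s\n", fragment_fits(&oversized) ? "accept" : "drop");
    return 0;
}
```

Each fragment on its own is a valid size for the link; only the offset plus the data length reveals that the reassembled packet would exceed the limit, so the check has to run per fragment before any copy.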

Zero-day DDoS – These are unknown or new attacks that exploit vulnerabilities for which a patch has not yet been released. The term is well known in the hacker community, and this kind of attack is becoming a popular activity among attackers.

DDoS attacks are becoming the most widespread type of attack, growing rapidly in number and volume over the last couple of years. The trend is toward shorter attack duration but bigger packet-per-second attack volume.
One survey found that 40% more DDoS attacks exceeded 1 Gbps in bandwidth in 2011, and 13% were targeted by at least one attack that exceeded 10 Gbps.